Medical and mobile: Convenience trumps security

According to the Identity Theft Resource Center, there were 54 banking-related data breaches in 2010, down from the 62 breaches reported in 2009 but nevertheless accounting for 4,853,708 exposed records. Most breaches were related to insider theft, cyberattacks, and card skimming stacks; other top breaches related to missing paper documents, stolen or missing hardware and accidental breaches.

According to Ponemon Institute’s Second Annual Survey on Medical Identity Theft, we estimate that more than 1.49 million Americans have been targeted by this crime. With an average cost per victim of $20,663, the total national economic impact of medical identity theft crimes is more than $30 billion.

More than 1500 tax scams reportedly target consumers and businesses through hundreds of thousands of scam emails; many use phishing to fool anxious taxpayers into visiting a scam website or providing personal and financial data in order to comply with tax filings. Protecting yourself starts by getting smart about common scams.

Today's headlines trumpet yet another high-profile medical data breach, this time through Health Net. This corporate catastrophe reminds us of the increasing hazard of medical fraud, which is the most expensive and time-consuming to resolve of all types of identity theft. The second annual National Study on Medical Identity Theft, fielded by the Ponemon Institute, provides further insight into this pervasive problem and how it affects consumers.

Gift cards are a growing market for businesses and should be treated as valuable sales currency, with the same risks of consumer fraud and internal misconduct that are posed by credit cards. Developing robust safeguards, proper auditing and early detection and reporting of abuse are critical to protecting a program that is popular with customers and profitable to retailers.

For businesses that don’t comply with these new regulations, stiff penalties will be added to the burdensome costs of breaches (and how can you even tabulate costs like the loss of public trust?). The new regulations headed our way in 2011 provide one more reason for businesses to protect themselves from breaches, swiftly take action when a breach has been detected, and stay informed about the legal currents that are taking shape.

The proliferation of state data breach notification laws, substantive state information security laws (such as the Massachusetts data security standards), and FTC and private lawsuits on information security matters has led to heightened attention to information security in both IT budgets and staffing and in terms of legal resources. With budget pressures all around (not to mention time pressures and the pressures of other duties that in-house counsel already has), the question becomes: How can my organization lower the time and dollar costs associated with information security when there is a breach?

While state laws requiring “reasonable” data security have had a positive impact, data breach notification laws have had the most profound effect on the improvement of data security. These laws have motivated companies – through negative incentives – to improve data security to avoid publicity, embarrassment, and the risk of notification.